Web lists-archives.com

Re: [Samba] remote site options




On Sun, 9 Sep 2018 15:52:38 -0400
Sonic via samba <samba@xxxxxxxxxxxxxxx> wrote:

> On Sun, Sep 9, 2018 at 1:27 PM Reindl Harald via samba
> <samba@xxxxxxxxxxxxxxx> wrote:
> > Am 09.09.18 um 17:16 schrieb Sonic via samba:
> > > Currently using Samba 4 as AD at the main site and would like the
> > > main site AD to authenticate users at a remote site (about 3
> > > systems). As I use my domain management system from a remote
> > > location via VPN I know this works, but the VPN may not be the
> > > lowest cost in terms of overhead.
> >
> > why?
> 
> Encryption overhead.
> 
> > > What other options are available?
> > >
> > > I'm thinking that port forwarding between the sites may incur the
> > > least overhead (which ports?). What are the common (and maybe not
> > > so common) practices in place for this scenario?
> >
> > frankly you even need bridged VPN instead routed - so how should
> > this work with port forwarding adn what problem do you try to solve
> > befoe come up with solutions?
> 
> From my office here I just use a site-to-site vpn when I need to
> manage the AD via RSAT.
> Normally my site-to-site VPN is down, but in the case of the small
> remote site contact with the AD would need to be full time. If it can
> be done easily with port forwarding it may be the least expensive way
> in terms of processing and also provide the best performance.
> 
> Chris
> 

You have said it yourself, sites. create a site in AD for the remote
site. Create a new DC at the site and point the clients at that. All
you will then have to cope with down the VPN is replication traffic
and will also allow the remote clients to keep working if the VPN goes
down.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba